TRENDING

Are IT managers pushing back on OMB's cloud-first policy?

By Rutrell Yasin

Jan 17, 2012

Federal managers are working to comply with aspects of the Office of Management and Budget’s cloud-first initiative but are not yet convinced cloud applications are safe enough or will lead to significant cost savings, according to a survey released by SafeGov.org.

Early compliance with the mandate is high but incomplete, Larry Ponemon, chairman and founder of the Ponemon Institute, and Jeff Gould, CEO and director of research with Peerstone Research, wrote in a recent blog entry.

Ponemon Institute conducted the survey of IT and non-IT federal managers in September 2011 on behalf of SafeGov.org, an online forum for IT providers and industry experts who are focused on promoting responsible and trusted cloud computing for the public sector. Eighty-three percent of the 432 survey respondents representing more than 20 federal agencies have fully or partially identified the first three applications they intend to migrate to the cloud. However, only 25 percent have fully migrated at least one legacy application to the cloud, while a further 47 percent say their first migration is in progress.

Former federal CIO Vivek Kundra launched the cloud-first mandate in December 2010, stipulating that federal agencies should migrate at least one existing application to the cloud by the end of 2011 and two additional applications by mid-2012.

Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction from the service provider.

“Federal IT managers recognize that cloud solutions will be an important part of their future. But many of them are pushing back against the tight timelines imposed by the cloud-first" mandate, Ponemon and Gould said. Sixty-nine percent of IT managers say the cloud-first framework schedule is too fast. Seventy-one percent say that pressure to move to the cloud is inadvertently creating greater security risks for their agencies, according to the survey.

IT managers' "doubts about cloud security and the accelerated pace of cloud migration feed a belief that this issue is driven in part by politics,” the writers said.

Sixty-nine percent of IT managers say one of the most important reasons their agencies are moving to cloud is to comply with the political mandate, while only 35 percent cite cost savings. Responses from non-IT managers are exactly reversed: 76 percent of non-IT managers say cost reduction is a primary reason for moving to cloud, compared to only 48 percent who cite the political mandate.

“Federal managers aren't yet persuaded that the cloud will be a significant money saver, because they don't have enough experience with cloud solutions to know what the true long-term costs will be,” Ponemon and Gould said.

Forty-two percent of respondents agree that cloud computing will result in some degree of cost savings for their agency (though only 12 percent believe the savings will be "significant"). But a surprising 25 percent believe that cloud will actually cause costs to go up, while 33 percent say its impact will be neutral,” according to the survey.

Some other findings of the survey include:

38 percent of respondents expect that their agency will be using a federal-only cloud in the coming year.

28 percent expect to use a broader government cloud (open to all levels of government).

20 percent expect to use a private cloud limited to their own agency.

73 percent want their servers to be physically isolated from those used by non-government customers.

70 percent want all cloud provider personnel who have access to their agency’s servers or data to pass rigorous background checks.

The results of the survey highlight the need for OMB and the General Services Administration to provide greater transparency about cloud security and more credible data about the true cost of cloud services, according to SafeGov.org officials.

Cloud-first was launched as a top-down political mandate from OMB to the user agencies. At that time, imposing an ambitious timeline was an effective way to show agency managers and Congress that the Obama administration was serious about reforming federal IT. But now that agencies have embraced the concept of cloud computing, there should be a more flexible approach, SafeGov.org officials said.

“We know the transition to the cloud is going to happen," Gould said. "But this survey’s findings show that agencies are still in need of education on the cloud and how they will transition effectively."

"The key is for agencies to gather as much information as possible and work closely with their vendors to find the most cost-effective and secure option for their respective organizations,” he said.